Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Microsoft becoming 'software police,' say users

<Quote>
It had a free utility's digital certificate revoked

August 06, 2007 (Computerworld) -- Microsoft Corp. last week slammed
the door on a free utility out of Australia that outflanked one of the
company's touted security features in Windows Vista, by having the
program's digital certificate revoked....

Linchpin Labs' Atsiv utility, released July 20, used a signed driver
to load other, unsigned code into the Vista kernel, according to U.S.-
based Symantec Corp. researcher Ollie Whitehouse. Atsiv, said
Whitehouse, thus let users circumvent a feature of the 64-bit version
of Vista that allows only digitally signed code to be loaded into the
operating system's kernel. The digital signing requirement is one way
Vista tries to stymie hackers from infiltrating the kernel -- the
heart of the operating system -- with, among other things, rootkit
cloaking technologies that hide malware from security software.

"This is rootkit behavior," said Whitehouse last Monday.

Atsiv's developers, on the other hand, have touted the utility as a
tool useful for loading unsigned but legitimate drivers into 64-bit
Vista.

[Microsoft revoked the digital certificate.]

Microsoft also included a detection and removal signature for Atsiv in
the Wednesday update to Windows Defender, the antispyware software
bundled with both the 32- and 64-bit editions of Vista....

Comments pegged to Field's post were mixed but leaned heavily toward
criticizing Microsoft for revoking the Atsiv certificate.

"I'm uncomfortable with the idea of [certification authority] becoming
the software police," said one user, John. "Atsiv may be an easy case,
but what precedent does this set when less cut-and-dried cases arise?
Working around limitations in an operating system is not necessarily a
bad thing."

"I am also concerned about the implications of Microsoft's ability to
have the signing certificate revoked," said Ben, another user
commenting on Field's posting. "It appears that Microsoft ... is using
[code signing] to ensure that programs do not contravene Microsoft's
self-created policies. This is an interesting case of Microsoft not
only being self-appointed police, but self-appointed policy makers."

Michael's long comment started: "This is a very interesting thing
Microsoft have [sic] done. The Microsoft logic seems to revolve around
Atsiv being 'undesirable' or misrepresenting itself in some fashion.
There have never been claims of deception in obtaining the signing
certificate, or that the Atsiv tool does anything other than what it
claims.

"To describe this tool as 'undesirable' stretches that word beyond
reason. Atsiv has no self-propagating functionality. It doesn't do any
privilege escalation or modify any system functions or memory or
anything like that. It uses (I assume) documented windows APIs to
provide functionality that some people clearly desire. You need to be
an administrator to run it. You will see the [User Account Control]
dialog, if enabled. If people choose to download and run it on their
own computers, then it is providing 'desirable' functionality, by
definition."
</Quote>

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9029161&taxonomyId=125

You vill do vat vee say or vee vill shut down your computer.


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index